Can't access Clients in configured VLAN

Hello,

I have a problem and I can't get a clue.

I configured a VLAN in a separate subnet.

As I read, it's recommended to put an Any-Any rule for LAN.

So I did, but I still can't access the clients in this subnet. I can only ping the VLAN gateway.

Even the log tells me the right routing on the right ports, but the requests remain unanswered.

Also, the clients in the VLAN can't access WAN even though there is a rule for it as well:

I bet I'm just overlooking something necessary, but I can't find it, so I'm kindly asking for help.



  • Hi,

    As for WAN access - you probably need a MASQ rule to use your router's WAN IP address when web surfing.

    Did you try anything other than ping in your LAN? Ping may be blocked by the firewall.

    Does the client use the firewall's IP as gateway?

    I would suggest you use the policy tester tab in the log viewer and check what it is saying about your requests.

    And another tip: just go to the VLAN interface and click save without changing anything. Had similar issues with VLANs in the past...

  • There is a masquerading rule for LAN. It works fine with all native subnets, just not for the VLAN (also a member of LAN).

    Everything is getting blocked. I have a client with a web interface which isn't accessible. The policy tester doesn't show anything. All policy rules are configured to "allow all".

    As you can see in my screenshot, the firewall allows the ICMP request, so I don't think it's a blocking issue.

    I also tried the tip of just saving the VLAN interface once again, but nothing happened. The gateway IP is the firewall's VLAN-IF-IP.

  • I think you have to use the GUI Packet Capture tool in Diagnostics to see through which FW interfaces the packets from 192.168.2.0 to 192.168.78.0, and especially back, really go.

    We noticed strange things in the log viewer not showing packets that are seen and allowed or blocked in packet capture.

    What do you mean by "The policy tester don't show anything."? Is it blank?

  • So I used the packet capture.

    When I connect to the VLAN GW, it shows the status "Consum..."

    When I try connecting to a client in the VLAN, it shows "Forward.." with the rule ID 7 as the accepting LAN-LAN rule.

    In addition, the connection list shows the connection status "SYN_SENT, UNREPLIED".

    In the opposite direction it doesn't show anything but broadcasts, which are shown on the interface Port 4 instead of 4.5 (which is the VLAN).

    So nothing which really helps.

    Any clues?

    Otherwise I will try to catch the traffic between the VLAN client and the firewall with Wireshark to see what exactly goes out and what doesn't.

  • Can the network devices in 78.0/24 ping the RED gateway IP 78.1?

    If not, can you check on the XG SSH shell with ifconfig if the VLAN adapter has this IPv4 address?

    If yes, do they really use this IP as gateway to the 2.0/24 subnet? Is the XG configured as DHCP server there?

  • No, the clients in the VLAN cannot ping the GW IP, but the other subnets can.

    The clients in the VLAN don't get any IP address via DHCP.

    When I configure a static IP, I can't access more than the other clients in the VLAN subnet.

    I think I will switch to other hardware. I don't know what else to try. Maybe I will just reset the Sophos and try it again.